Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations

Multi-factor authentication (MFA) is an important security measure used to verify the identity of a user when accessing accounts, systems, or applications. Cooper uses MFA to protect our patients’ information and secure access to life-saving technologies. MFA requires users to provide multiple pieces of evidence or factors to prove they are who they claim to be when accessing Cooper’s critical infrastructure. MFA uses the following basic principles:

  • Something you know: This is typically a PIN or password that only the user should know.
  • Something you have: This involves physically possessing an item such as a smartphone, hardware token, or smart card that generates a unique code or key to access secure systems.
  • Something you are: This refers to biometric information unique to the user, such as fingerprints, facial recognition, or voice patterns.

MFA Fatigue and How Cyber Criminals Use It

Once a threat actor has identified that an organization like Cooper uses MFA, they know they need access to three pieces of information: someone’s user ID and password and the organization’s MFA. The first step in MFA exploitation is getting access to a valid user ID and password. Most of the time, the threat actor tries to trick us into providing our user ID and password, primarily through phishing but also through phone calls, texts, etc. Other times, the threat actor will use the large databases of user credentials found on the dark web.

Once the threat actor has access to a valid user ID and password, the next step is to overcome the organization’s MFA. It is important to highlight that MFA is the final layer of security before the threat actor is in our networks. To get past a user’s MFA, threat actors send request after request to the user, hoping the user will become so frustrated by the requests that they eventually hit “approve.” Once that happens, the threat actor has access to the Cooper network.
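For security teams, the pattern described above (a run of rejected or ignored prompts, sometimes ending in an approval) can be looked for in MFA logs. The sketch below is an added example, not part of the original article or Cooper's tooling; the log format, the 10-minute window, and the threshold of four prompts are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed tuning value
THRESHOLD = 4                   # assumed: rejected/ignored prompts within WINDOW

# Constructed sample events in a hypothetical "timestamp user=... result=..." format.
SAMPLE_LOG = """\
2024-05-01T09:00:05 user=alice result=approved
2024-05-01T02:10:00 user=bob result=denied
2024-05-01T02:10:40 user=bob result=denied
2024-05-01T02:11:30 user=bob result=timeout
2024-05-01T02:12:10 user=bob result=denied
2024-05-01T02:13:00 user=bob result=denied
2024-05-01T02:13:20 user=bob result=approved
2024-05-01T14:00:00 user=carol result=denied
2024-05-01T14:01:00 user=carol result=denied
2024-05-01T14:02:00 user=carol result=denied
2024-05-01T14:03:00 user=carol result=timeout
2024-05-01T08:00:00 user=dave result=denied
2024-05-01T08:30:00 user=dave result=denied
2024-05-01T08:31:00 user=dave result=approved
"""

def parse(line):
    """Split one log line into (timestamp, user, result)."""
    ts, user_kv, result_kv = line.split()
    return (datetime.fromisoformat(ts),
            user_kv.split("=", 1)[1],
            result_kv.split("=", 1)[1])

def detect_push_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {user: severity} for users whose prompts match the fatigue pattern."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)  # user -> times of rejected prompts still in window
    alerts = {}
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:       # password is likely already known
                alerts.setdefault(user, "burst")
        elif result == "approved":
            if len(q) >= threshold:       # approval right after a burst
                alerts[user] = "burst_then_approve"
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, severity in detect_push_fatigue(SAMPLE_LOG).items():
        print(user, severity)
```

A "burst" alert means the account's password should be treated as exposed even though no prompt was approved; "burst_then_approve" warrants immediate session review.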

How to Identify MFA Fatigue and What You Can Do

Watch out for unexpected MFA requests or prompts that you did not initiate. Cyber criminals are trying to access your account without permission.

If you are asked to use an MFA method outside of Cooper’s policy, or you receive notifications about failed login attempts, it’s a sign that someone might be trying to bypass Cooper’s security measures. It is important to monitor your accounts for any unusual activity or changes you didn’t make, such as unfamiliar login locations or modifications to your MFA settings. Any changes you do not recognize or that were made without your knowledge may indicate a compromise.

Report any suspicious MFA attempts to Cooper’s information security team as soon as possible, as they can assist in identifying the concern and beginning steps to secure your MFA.